Web3’s Billion-Dollar Bleeding: Cybercrime in DeFi
The rapid growth of Web3 and decentralized finance (DeFi) has transformed the financial landscape, offering unparalleled opportunities for innovation. However, it has also opened the floodgates for cybercriminals, with the scale of digital asset theft in DeFi now surpassing traditional bank robberies. According to a recent report by Mandiant, the decentralized financial ecosystem has become a prime target for sophisticated cyberattacks, with losses totaling over $12 billion since 2020.
One of the largest and most notorious incidents detailed in the report occurred in 2022, when North Korean hackers infiltrated the Ronin blockchain operated by Sky Mavis. The attackers made off with a staggering $625 million in cryptocurrency, cementing this heist as one of the most significant in the history of digital finance.
Though the Ronin attack garnered headlines, it was far from an isolated incident. Mandiant’s research highlights hundreds of similar attacks on Web3 services since 2020, with cryptocurrency exchanges being frequent targets. The trend dates back to one of the earliest heists, in 2014, when the Mt. Gox exchange lost approximately $350 million in Bitcoin. More recently, in May 2024, the Japanese exchange DMM Bitcoin fell victim to a devastating attack, resulting in the theft of over $300 million.
One of the more insidious methods of attack involves social engineering. Mandiant reveals that hackers, particularly those from North Korea, have perfected the art of manipulation, using fake job offers to lure victims. Employees of cryptocurrency exchanges and DeFi services are targeted on platforms like LinkedIn, where they receive seemingly legitimate coding tests or employment contracts that carry hidden malware. Once the malware infiltrates a victim’s device, it can spread across the company’s network, giving attackers access to sensitive data, including cryptocurrency wallets.
The scale of these social engineering attacks is massive, and North Korean hackers also conduct supply chain attacks to gain access to broader ecosystems. In 2023, JumpCloud and 3CX fell prey to such attacks, allowing hackers to infiltrate crypto services used by their clients. Through these supply chain compromises, the attackers stole over $100 million by accessing wallet keys and performing internal reconnaissance.
Another key vulnerability in Web3 security lies in smart contracts, the building blocks of decentralized finance. These contracts are often open and publicly accessible, which means they can be examined for potential weaknesses. Unfortunately, hackers have become adept at exploiting these flaws. The July 2023 attack on Curve Finance is a stark example, where a vulnerability in the Vyper programming language was exploited, leading to the theft of $61 million.
Flash loan attacks are another rising threat in DeFi. These attacks exploit the structure of decentralized loans, manipulating the value of assets within a short timeframe. In March 2023, an attack on the Euler Finance protocol led to a $197 million loss. Such attacks continue to underscore the need for more robust security measures within the Web3 space.
Web3 is not just vulnerable at the technological level; decentralized governance models are also under siege. Mandiant’s report highlights attacks on decentralized autonomous organizations (DAOs), where hackers exploit governance voting systems to seize control. In one notable instance in May 2023, attackers compromised the Tornado Cash cryptocurrency mixer by manipulating its voting system. This allowed them to gain control of the project and withdraw 10,000 TORN tokens.
As Web3 continues to expand and attract new users, it is clear that the frequency and sophistication of cyberattacks will only increase. Mandiant’s report serves as a wake-up call for the industry, urging companies to reassess their security strategies. The report stresses the importance of adopting advanced monitoring systems, reinforcing social engineering defenses, and securing smart contracts and governance systems to protect digital assets.
In the world of Web3, the stakes are higher than ever. While the promise of decentralized finance is transformative, so too are the risks. Companies and developers must remain vigilant, investing in cutting-edge cybersecurity solutions to stay one step ahead of increasingly sophisticated threat actors.